BUG: unable to handle kernel paging request in fuse_dev_do_write


syzbot

Dec 15, 2020, 6:21:11 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 30fc3020 BACKPORT: mm/gup: Remove enfornced COW mechanism
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=17ed240f500000
kernel config: https://syzkaller.appspot.com/x/.config?x=3f87a6a62e174867
dashboard link: https://syzkaller.appspot.com/bug?extid=6f69172f54597343c14f
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6f6917...@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: ffffed105e3c69ff
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23fff7067 P4D 23fff7067 PUD 23fff5067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 28911 Comm: syz-executor.3 Not tainted 5.4.83-syzkaller-00110-g30fc30201c19 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fuse_dev_do_write+0x547f/0x74b0 fs/fuse/dev.c:1913
Code: 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 8a 04 20 84 c0 0f 85 e5 1c 00 00 8b 1b ff cb 4c 01 f3 48 89 d8 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 e8 1c 00 00 c6 03 00 48 8b 84 24 88 00 00
RSP: 0018:ffff88819968f7e0 EFLAGS: 00010a07
RAX: 1ffff1105e3c69ff RBX: ffff8882f1e34fff RCX: dffffc0000000000
RDX: ffffc90003917000 RSI: 0000000000000049 RDI: ffff8881ae7a7d50
RBP: ffff88819968fb30 R08: ffffffff81dc5f03 R09: fffff94000c985e7
R10: fffff94000c985e7 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000010 R14: ffff8881f1e35000 R15: ffff8881e70a3b0c
FS: 00007fd106eaf700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed105e3c69ff CR3: 00000001e95c7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
fuse_dev_write+0x16e/0x1f0 fs/fuse/dev.c:1950
call_write_iter include/linux/fs.h:1962 [inline]
new_sync_write fs/read_write.c:483 [inline]
__vfs_write+0x59c/0x720 fs/read_write.c:496
vfs_write+0x217/0x4f0 fs/read_write.c:558
ksys_write+0x186/0x2b0 fs/read_write.c:611
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e159
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fd106eaec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e159
RDX: 0000000000000010 RSI: 00000000200022c0 RDI: 0000000000000003
RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007ffe7fb92a3f R14: 00007fd106eaf9c0 R15: 000000000119bf8c
Modules linked in:
CR2: ffffed105e3c69ff
---[ end trace 6e9f84446a276d5a ]---
RIP: 0010:fuse_dev_do_write+0x547f/0x74b0 fs/fuse/dev.c:1913
Code: 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 8a 04 20 84 c0 0f 85 e5 1c 00 00 8b 1b ff cb 4c 01 f3 48 89 d8 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 e8 1c 00 00 c6 03 00 48 8b 84 24 88 00 00
RSP: 0018:ffff88819968f7e0 EFLAGS: 00010a07
RAX: 1ffff1105e3c69ff RBX: ffff8882f1e34fff RCX: dffffc0000000000
RDX: ffffc90003917000 RSI: 0000000000000049 RDI: ffff8881ae7a7d50
RBP: ffff88819968fb30 R08: ffffffff81dc5f03 R09: fffff94000c985e7
R10: fffff94000c985e7 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000010 R14: ffff8881f1e35000 R15: ffff8881e70a3b0c
FS: 00007fd106eaf700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed105e3c69ff CR3: 00000001e95c7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 15, 2020, 6:44:11 AM
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 30fc3020 BACKPORT: mm/gup: Remove enfornced COW mechanism
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=14ef1287500000
kernel config: https://syzkaller.appspot.com/x/.config?x=3f87a6a62e174867
dashboard link: https://syzkaller.appspot.com/bug?extid=6f69172f54597343c14f
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16a37137500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16340613500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6f6917...@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: ffffed105bf829ff
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23fff7067 P4D 23fff7067 PUD 23fff5067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 366 Comm: syz-executor858 Not tainted 5.4.83-syzkaller-00110-g30fc30201c19 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fuse_dev_do_write+0x547f/0x74b0 fs/fuse/dev.c:1913
Code: 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 8a 04 20 84 c0 0f 85 e5 1c 00 00 8b 1b ff cb 4c 01 f3 48 89 d8 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 e8 1c 00 00 c6 03 00 48 8b 84 24 88 00 00
RSP: 0018:ffff8881e92e77e0 EFLAGS: 00010a07
RAX: 1ffff1105bf829ff RBX: ffff8882dfc14fff RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 00000000000007e0 RDI: ffff8881e935fd50
RBP: ffff8881e92e7b30 R08: ffffffff81dc5f03 R09: fffff94000f5f817
R13: 0000000000000010 R14: ffff8881dfc15000 R15: ffff8881ec5d5f0c
FS: 00007fe2da069700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed105bf829ff CR3: 00000001dfd72000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
fuse_dev_write+0x16e/0x1f0 fs/fuse/dev.c:1950
call_write_iter include/linux/fs.h:1962 [inline]
new_sync_write fs/read_write.c:483 [inline]
__vfs_write+0x59c/0x720 fs/read_write.c:496
vfs_write+0x217/0x4f0 fs/read_write.c:558
ksys_write+0x186/0x2b0 fs/read_write.c:611
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x445f29
Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe2da068d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000445f29
RDX: 0000000000000010 RSI: 00000000200022c0 RDI: 0000000000000003
RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c
R13: 0000000020000000 R14: 00000000004ae560 R15: 0000000000000003
Modules linked in:
CR2: ffffed105bf829ff
---[ end trace e8297fc1c765ae6b ]---
RIP: 0010:fuse_dev_do_write+0x547f/0x74b0 fs/fuse/dev.c:1913
Code: 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 8a 04 20 84 c0 0f 85 e5 1c 00 00 8b 1b ff cb 4c 01 f3 48 89 d8 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 e8 1c 00 00 c6 03 00 48 8b 84 24 88 00 00
RSP: 0018:ffff8881e92e77e0 EFLAGS: 00010a07
RAX: 1ffff1105bf829ff RBX: ffff8882dfc14fff RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 00000000000007e0 RDI: ffff8881e935fd50
RBP: ffff8881e92e7b30 R08: ffffffff81dc5f03 R09: fffff94000f5f817
R10: fffff94000f5f817 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000010 R14: ffff8881dfc15000 R15: ffff8881ec5d5f0c
FS: 00007fe2da069700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed105bf829ff CR3: 00000001dfd72000 CR4: 00000000001406e0